From 891ed896572dd59e7416cc3895155ccde0268a99 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Sat, 7 Jul 2018 09:44:01 -0400 Subject: [PATCH] Stop processing requests verify args Now that openstacksdk handles insecure properly, we can get rid of the logic here that re-does things. Change-Id: I5a1abd781b12b73fa73f166d91687c2d5dd35356 Depends-On: https://review.openstack.org/580795 --- lower-constraints.txt | 2 +- osc_lib/clientmanager.py | 46 ++++++---------------------------------- requirements.txt | 2 +- 3 files changed, 8 insertions(+), 42 deletions(-) diff --git a/lower-constraints.txt b/lower-constraints.txt index 4f67f00..66e45d0 100644 --- a/lower-constraints.txt +++ b/lower-constraints.txt @@ -44,7 +44,7 @@ munch==2.1.0 netaddr==0.7.18 netifaces==0.10.4 openstackdocstheme==1.18.1 -openstacksdk==0.13.0 +openstacksdk==0.15.0 os-service-types==1.2.0 os-testr==1.0.0 oslo.concurrency==3.25.0 diff --git a/osc_lib/clientmanager.py b/osc_lib/clientmanager.py index eff783f..afcda30 100644 --- a/osc_lib/clientmanager.py +++ b/osc_lib/clientmanager.py @@ -101,46 +101,12 @@ class ClientManager(object): # self.verify is the Requests-compatible form # self.cacert is the form used by the legacy client libs # self.insecure is not needed, use 'not self.verify' - - # NOTE(dtroyer): Per bug https://bugs.launchpad.net/bugs/1447784 - # --insecure overrides any --os-cacert setting - - # Set a hard default - self.verify = True - if self._cli_options.insecure: - # Handle --insecure - self.verify = False - self.cacert = None - else: - if (self._cli_options.cacert is not None - and self._cli_options.cacert != ''): - # --cacert implies --verify here - self.verify = self._cli_options.cacert - self.cacert = self._cli_options.cacert - else: - # Fall through also gets --verify - if self._cli_options.verify is not None: - self.verify = self._cli_options.verify - self.cacert = None - - # Set up client certificate and key - # NOTE(cbrandily): This converts client certificate/key to requests - # cert argument: None (no client certificate), a path - # to client certificate or a tuple with client - # certificate/key paths. - self.cert = self._cli_options.cert - if self.cert and self._cli_options.key: - self.cert = self.cert, self._cli_options.key - - # TODO(mordred) The logic above to set all of these is duplicated in - # os-client-config but needs more effort to tease apart and ensure that - # values are being passed in. For now, let osc_lib do it and just set - # the values in occ.config - self._cli_options.config['verify'] = self.verify - self._cli_options.config['cacert'] = self.cacert - # Attack of the killer passthrough values - self._cli_options.config['cert'] = self._cli_options.cert - self._cli_options.config['key'] = self._cli_options.key + self.cacert = None + self.verify, self.cert = self._cli_options.get_requests_verify_args() + # If there is a cacert and we're verifying, it'll be in the verify + # argument. + if not isinstance(self.verify, bool): + self.cacert = self.verify # TODO(mordred) We also don't have any support for setting or passing # in api_timeout, which is set in occ defaults but we skip occ defaults diff --git a/requirements.txt b/requirements.txt index 387197f..cc7e873 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,7 +7,7 @@ six>=1.10.0 # MIT Babel!=2.4.0,>=2.3.4 # BSD cliff!=2.9.0,>=2.8.0 # Apache-2.0 keystoneauth1>=3.7.0 # Apache-2.0 -openstacksdk>=0.13.0 # Apache-2.0 +openstacksdk>=0.15.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 oslo.utils>=3.33.0 # Apache-2.0 simplejson>=3.5.1 # MIT